Netgate Discussion Forum

    One static, 1 dynamic address ...

      oldlock

      This question has been asked many times, but I have yet to see a concise and clear answer to it. Here is the situation.

      In Australia, publicly routable IP addresses for LTE services are:

      1 - Hard to get
      2 - Expensive
      3 - Add a LOT to latency as all traffic that uses them is routed via 1 exchange in Sydney irrespective of where you are in the country.

      So, for my site-to-site IPsec VPN I have:

      Fixed IP for fibre connection into main office (SG3100 server lives here)
      10 LTE routers at remote sites, each with a dynamic, non-routable IP. So these clients need to be able to connect to the server. I'm 100% happy for the server to act as a responder only. I've done this before with Cisco ASA etc., so I know the LTE side is capable of it. I assume there must be a way for the pfSense to do the same thing?

      Anyone have any insights? Please note the condition - DYNDNS at the LTE client cannot be part of the solution.

        oldlock

        OK. For anyone's interest, this does work.

        1 - Turn off automatic firewall creation on the pfSense.
        2 - Set the WAN address in phase 1 to 0.0.0.0
        3 - In phase 1 advanced select responder only.
        4 - Create any/any firewall rule in IPsec rules.
        5 - Create UDP/500, UDP/4500 and ESP all rules.

        And we have success, thanks in no small part to some very patient support staff.

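The responder-only arrangement from steps 2 and 3 of the answer above, written out in strongSwan `swanctl.conf` syntax for one remote site. This is an added illustration, not part of the original posts and not the configuration pfSense generates; the connection names, identities, addresses, subnets and secret are constructed placeholders. It shows that once the remote address is a wildcard, the peer is matched by its IKE identity and pre-shared key rather than by source IP.

```conf
# Added example: constructed values throughout (RFC 5737 address, example.net IDs).
connections {
    lte-site1 {
        version = 2
        local_addrs  = 203.0.113.10        # main office fixed WAN address (placeholder)
        remote_addrs = %any                # peer address unknown: accept IKE from any source

        local {
            auth = psk
            id   = hq.example.net
        }
        remote {
            auth = psk
            id   = site1.example.net       # connection is selected by this identity, not by IP
        }

        children {
            site1-lan {
                local_ts     = 10.0.0.0/24   # main office LAN (placeholder)
                remote_ts    = 10.1.1.0/24   # remote site LAN (placeholder)
                start_action = none          # responder only: never initiate, wait for the LTE side
            }
        }
    }
}

secrets {
    ike-site1 {
        id-1   = hq.example.net
        id-2   = site1.example.net
        secret = "REPLACE-WITH-LONG-RANDOM-PSK"   # placeholder; use a distinct secret per site
    }
}
```

One such connection and secret per LTE site keeps each remote router separately identifiable and revocable even though all of them arrive from unknown addresses.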
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.